package com.drops.poc;

import com.drops.entity.ControllersFactory;
import com.drops.ui.MainController;
import com.drops.utils.HTTPUtils;
import com.drops.utils.ReUtil;
import com.drops.utils.Utils;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

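/**
 * @ClassName: EurekaXstreamRCEPOC
 * @Description: Checks whether the response fetched from a target lists
 * spring-boot-starter-actuator together with an eureka-client older than 1.8.7.
 * @Author: Summer
 * @Date: 2021/7/29 10:12
 * @Version: v1.0.0
 **/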
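public class EurekaXstreamRCEPOC {

    /** Pattern handed to {@link ReUtil#hasVersion} to locate the eureka-client jar name. */
    private static final String EUREKA_JAR_REGEX = "eureka-client([A-Za-z0-9.-]+).jar";

    /** Artifact name of the first release treated as not affected. */
    private static final String FIXED_ARTIFACT = "eureka-client-1.8.7";

    /** Numeric components of {@link #FIXED_ARTIFACT}. */
    private static final int[] FIXED_VERSION = {1, 8, 7};

    /**
     * First dotted run of digits in an artifact name. Each component is capped at nine digits
     * so that Integer.parseInt cannot overflow on a hostile or malformed response body.
     */
    private static final Pattern NUMERIC_VERSION = Pattern.compile("\\d{1,9}(?:\\.\\d{1,9})*");

    // UI controller whose log text area receives the check's findings.
    private final MainController mainController;

    /** Looks up the shared {@link MainController} registered in {@link ControllersFactory}. */
    public EurekaXstreamRCEPOC() {
        this.mainController = (MainController) ControllersFactory.controllers.get(MainController.class.getSimpleName());
    }

    /**
     * Reports whether the target's response indicates spring-boot-starter-actuator together
     * with an eureka-client older than 1.8.7 (usually pulled in through
     * spring-cloud-starter-netflix-eureka-client).
     *
     * <p>Only a version check is performed; the finding is written to the UI log.
     *
     * @param target URL requested via {@link HTTPUtils#getRequest}
     * @return {@code true} when both dependencies are found and the eureka-client version is
     *     below 1.8.7; {@code false} otherwise, including when the response body is missing
     */
    public boolean hasEurekaXstreamRCE(String target) {
        String body = HTTPUtils.getRequest(target).body();
        // A response without a body cannot prove anything; the original dereferenced it blindly.
        if (body == null || !body.contains("spring-boot-starter-actuator")) {
            return false;
        }

        String result = ReUtil.hasVersion(body, EUREKA_JAR_REGEX);
        if (result == null) {
            // No eureka-client jar was listed in the response.
            return false;
        }

        if (!isOlderThanFixedRelease(result)) {
            this.mainController.logTextArea.appendText(Utils.log("依赖版本不符合，版本为：" +  result));
            return false;
        }

        this.mainController.logTextArea.appendText(Utils.log("依赖版本：" + result));
        this.mainController.logTextArea.appendText(Utils.log("暂不支持eureka xstream deserialization RCE 利用！ "));
        this.mainController.logTextArea.appendText(Utils.log("请手动利用！ "));
        return true;
    }

    /**
     * Decides whether the reported artifact is older than 1.8.7 by comparing version components
     * numerically. A plain string comparison ranks "1.10.0" below "1.8.7" and would flag
     * patched releases as affected.
     *
     * <p>The exact shape of the value returned by ReUtil.hasVersion is not visible here, so the
     * first dotted digit run is taken as the version; when none is present the original
     * case-insensitive string comparison is kept as a fallback.
     */
    private static boolean isOlderThanFixedRelease(String artifact) {
        Matcher matcher = NUMERIC_VERSION.matcher(artifact);
        if (!matcher.find()) {
            return artifact.compareToIgnoreCase(FIXED_ARTIFACT) < 0;
        }

        String[] parts = matcher.group().split("\\.");
        int length = Math.max(parts.length, FIXED_VERSION.length);
        for (int i = 0; i < length; i++) {
            // Missing trailing components count as zero, so "1.8" compares as "1.8.0".
            int found = i < parts.length ? Integer.parseInt(parts[i]) : 0;
            int fixed = i < FIXED_VERSION.length ? FIXED_VERSION[i] : 0;
            if (found != fixed) {
                return found < fixed;
            }
        }
        return false;
    }

}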